It’s no secret that today’s cyberthreats are complex: malware developers are rapidly expanding their attack capabilities to bypass modern security measures. However, as organizations across industries and of all sizes continue to expand their digital transformation efforts, one obstacle consistently limits IT teams’ ability to evolve alongside these new threats: a lack of network visibility.
Cybersecurity professionals are now tasked with maintaining their traditional security initiatives while simultaneously facilitating their organization’s adoption of new technologies, services and platforms. While these efforts are necessary to meet the demand for modern connectivity, convenience and efficiency, they also weaken the organization’s security posture. As organizations redesign their network infrastructures, visibility into both new and old network elements can be inadvertently restricted as the security controls meant to protect them grow increasingly fragmented.
(This article originally appeared as a byline in Channel Futures.)
This trend hasn’t gone unnoticed by cybercriminals. Modern threats are capitalizing on this diminishing visibility and control to the fullest, leveraging a wide breadth of sophisticated attacks to breach network defenses. To properly defend against these attacks, partners need to understand the evolving threats facing their customers, as well as the security solutions and strategies needed to actively combat them.
Threat Trends Capitalize on Poor Visibility and Control
Based on threat data taken from millions of Fortinet devices across the world, the latest Global Threat Landscape Report for Q3 indicates that cyberthreats not only continue to target network vulnerabilities, but also seek to exploit the poor visibility and control that result from the expansion of networks into the cloud and the rapid adoption of mobility and IoT. This quarterly report analyzes the current threat landscape facing organizations and their network security, and aims to help network security teams identify key trends and shifts across that landscape.
With this in mind, one of the predominant themes we documented in Q3 is the evolving threats and strategies cybercriminals are using to capitalize on current network vulnerabilities. Most notably, many of these vulnerabilities are being introduced as organizations of all sizes continue their digital transformation initiatives.
As customers widen the scope of their network infrastructures with a range of IoT, mobile and cloud-based solutions, the resulting decrease in visibility and control over those solutions opens threat vectors for cybercriminals to leverage.
There are several important threat trends partners need to remain aware of:
- Evolution of cryptojacking: Cryptojacking, the hijacking of CPU resources on machines and devices to mine cryptocurrency, has long been recognized as a threat to organizations because it drains processing power and drastically slows systems. And now, with new platforms available to advanced attackers, as well as “as-a-service” cryptojacking malware available for purchase on the dark web, the ability to launch large-scale, complex attacks is no longer limited to skilled cybercriminals. What’s more, these new crypto attacks have the potential to disable existing security solutions as well as open additional communications ports on existing firewalls. This means that cryptojacking is not only a serious problem on its own, but can also serve as a gateway through which bad actors install additional malware. Considering that the frequency of cryptojacking attacks jumped 38 percent in 2018, underestimating the impact of this cyberthreat can prove especially detrimental to organizations.
- Mobile Malware: Mobile devices pose a significantly larger threat to network security than ever before. Mobile malware variants attacked more than 25 percent of organizations in Q3, aided by BYOD policies and unsegmented guest networks. Even more striking, mobile malware made up 14 percent of all malware attacks this quarter. Considering the speed at which a mobile device can enter and connect to a network, organizations that cannot properly identify and control these devices are at substantially higher risk.
- IoT Botnets: During Q3, IoT botnet infections rose a steady but anemic 2 percent. However, the time these bots were able to stay connected to the network increased by a staggering 34 percent from Q2, averaging 10.2 infection days per firm in Q3. This indicates that the sophistication of botnets is on the rise, that cyber hygiene within organizations is on the decline, or both. In either case, if left unchecked these devices have the potential to spread malware laterally across networks and between devices, becoming a threat vector that can be leveraged to gain access to networks. What’s more, the ability of these devices to lie dormant, only resuming activity when business operations resume, means that to effectively mitigate IoT botnets the infected source device needs to be found and removed; blocking its traffic alone leaves it in place to return.
- Shift Toward Swarm-as-a-Service: A notable shift in the evolution of cyberthreats is the emergence of swarm-based intelligence. With capabilities like the AutoSploit toolkit, which gives cybercriminals the means to automate remote host exploitation, the threat landscape is moving that much closer to swarm-based botnets. With à la carte IoT botnets like Hajime and Reaper already making headlines for their intelligent, automated attack capabilities, the market for as-a-service attack options built on advanced attack capabilities is growing. The needle is shifting toward collaborative, intelligent botnets that cybercriminals can “set and forget.”
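The IoT botnet point above turns on two measurements: how many days a firm has at least one infected device talking to a botnet, and whether individual devices go quiet and then return. The following is an added example, not code from the report or from Fortinet, showing how a detection team could compute both from its own IDS or firewall hits. The event lines, organization names, addresses and signature names are all constructed for the example; the seven-day dormancy threshold is an assumption.

```python
from collections import defaultdict
from datetime import datetime

# Constructed sample botnet-C2 hits: timestamp, organization, device, signature.
# These lines are invented for this example and are not taken from any report.
SAMPLE_EVENTS = """\
2018-07-02T09:14:00Z acme-corp 192.168.40.21 Mirai.Botnet.C2
2018-07-02T11:40:00Z acme-corp 192.168.40.21 Mirai.Botnet.C2
2018-07-03T08:02:00Z acme-corp 192.168.40.21 Mirai.Botnet.C2
2018-07-16T07:55:00Z acme-corp 192.168.40.21 Mirai.Botnet.C2
2018-07-04T13:20:00Z acme-corp 192.168.40.88 Hajime.Botnet.C2
2018-07-09T10:05:00Z globex 10.0.5.14 Reaper.Botnet.C2
2018-07-10T10:06:00Z globex 10.0.5.14 Reaper.Botnet.C2
2018-07-11T10:07:00Z globex 10.0.5.14 Reaper.Botnet.C2
"""


def parse_events(text):
    """Parse whitespace-separated hit lines into (day, org, device, signature)."""
    events = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        ts, org, device, sig = line.split()
        day = datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ").date()
        events.append((day, org, device, sig))
    return events


def infection_days_per_firm(events):
    """Count the distinct days on which each firm had any botnet hit."""
    days = defaultdict(set)
    for day, org, _device, _sig in events:
        days[org].add(day)
    return {org: len(d) for org, d in days.items()}


def average_infection_days(events):
    """Mean infection days across firms (the report's 'per firm' figure)."""
    per_firm = infection_days_per_firm(events)
    if not per_firm:
        return 0.0
    return sum(per_firm.values()) / len(per_firm)


def dormant_returners(events, min_gap_days=7):
    """Flag devices that went quiet for min_gap_days or more and then resurfaced.

    A device that reappears after a long gap was never cleaned; it was dormant.
    Returns (org, device, gap_days) for every qualifying gap.
    """
    sightings = defaultdict(set)
    for day, org, device, _sig in events:
        sightings[(org, device)].add(day)
    flagged = []
    for (org, device), days in sorted(sightings.items()):
        ordered = sorted(days)
        for prev, nxt in zip(ordered, ordered[1:]):
            gap = (nxt - prev).days
            if gap >= min_gap_days:
                flagged.append((org, device, gap))
    return flagged


if __name__ == "__main__":
    events = parse_events(SAMPLE_EVENTS)
    print("infection days per firm:", infection_days_per_firm(events))
    print("average:", average_infection_days(events))
    print("dormant returners:", dormant_returners(events))
```

In the constructed data the camera at 192.168.40.21 is seen on July 2 and 3, disappears, and returns on July 16: a 13-day gap that the per-day infection count alone would not reveal. That device, not the traffic, is what needs to be found and removed.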
A Learn, Segment, Protect Approach to Advanced Threats
As the attack capabilities of cybercriminals continue to evolve, customers need to rearchitect their network infrastructures around a fabric-based strategy that unifies and integrates threat analysis and security processes. From there, customers must adopt a learn, segment and protect approach to security: identify and inventory the devices gaining access to their networks, and automate the controls and security solutions that track those devices and enforce policy across the network.
- Learn: To secure their networks, customers need not only to see every device connected to the network, but also to understand each device’s capabilities, limitations and network access, as well as the relationship between these devices and the wider network ecosystem. To this end, it’s crucial that customers leverage automated threat analysis across an integrated security fabric, allowing them to automatically discover and classify the devices found within their networks.
- Segment: Once customers can see the devices within their networks, they can begin to control them, including limiting the extent and impact of their vulnerabilities. The most effective approach is to dynamically separate them from other resources through network segmentation. Dynamic segmentation allows IT professionals to authenticate devices that belong on the network and then restrict their access to specific segments of the network infrastructure. It also helps contain and mitigate the damage caused by modern, automated threats, since a compromised device in one segment cannot reach resources in another without passing a policy checkpoint.
- Protect: Armed with a comprehensive view of the network ecosystem, customers then need the ability to monitor, inspect and enforce access policies based on activity across their network infrastructure. To do this, each network segment must be woven into an integrated security fabric that centralizes threat analysis and deploys security functions across the network ecosystem.
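The three steps above are a single procedure: classify what is on the network, place each class in a segment, and enforce an explicit policy between segments. The following is an added example that is not part of the original article and not Fortinet product code; it shows the whole loop in plain Python. The OUI-to-vendor table, device records, segment names and allow list are all constructed for the example. The design choice worth noting is that the policy is an allow list with default deny, so an unclassified device lands in quarantine and two devices in the same IoT segment cannot talk to each other, which is exactly the lateral spread the IoT botnet discussion warns about.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Device:
    mac: str
    hostname: str
    open_ports: frozenset


# Hypothetical OUI-to-vendor table; the prefixes and vendor names are
# constructed for this example and are not a real OUI database.
OUI_VENDORS = {"00:1A:2B": "AcmeCam", "3C:5A:B4": "FrobPhone", "0A:0B:0C": "HostCo"}


def vendor_of(device):
    return OUI_VENDORS.get(device.mac.upper()[:8], "unknown")


def classify(device):
    """Learn: derive a device class from OUI, hostname and observed open ports."""
    host = device.hostname.lower()
    vendor = vendor_of(device)
    if host.startswith("srv") and {22, 443} <= device.open_ports:
        return "server"
    if vendor == "FrobPhone" or host.startswith(("android", "iphone")):
        return "mobile"
    if vendor == "AcmeCam" or 554 in device.open_ports:  # RTSP is typical of cameras
        return "iot"
    return "unknown"


# Segment: each class maps to one segment; anything unclassified is quarantined.
SEGMENT_FOR_CLASS = {
    "iot": "iot_vlan",
    "mobile": "byod_vlan",
    "server": "dc_vlan",
    "unknown": "quarantine",
}


def segment_for(device):
    return SEGMENT_FOR_CLASS[classify(device)]


# Protect: explicit allow list of (src_segment, dst_segment, dst_port); "*" is any port.
# Everything not listed is denied, including traffic between two devices in
# the same segment, so an infected device cannot spread laterally.
ALLOW = [
    ("byod_vlan", "dc_vlan", 443),   # phones reach corporate web apps only
    ("iot_vlan", "dc_vlan", 8883),   # cameras publish telemetry over MQTT/TLS
    ("dc_vlan", "iot_vlan", 554),    # the recorder pulls RTSP streams from cameras
    ("dc_vlan", "dc_vlan", "*"),     # servers may talk among themselves
]


def is_flow_allowed(src, dst, dst_port):
    """Decide a flow purely from the segments the two devices were placed in."""
    src_seg, dst_seg = segment_for(src), segment_for(dst)
    return any(s == src_seg and d == dst_seg and p in ("*", dst_port)
               for s, d, p in ALLOW)


# Constructed inventory records, as a discovery pass might have collected them.
CAM = Device("00:1a:2b:10:20:30", "hallway-cam-3", frozenset({80, 554}))
CAM2 = Device("00:1a:2b:10:20:31", "lobby-cam-1", frozenset({80, 554}))
PHONE = Device("3c:5a:b4:77:88:99", "android-7f2c", frozenset())
SRV = Device("0a:0b:0c:aa:bb:cc", "srv-erp-01", frozenset({22, 443}))
MYSTERY = Device("de:ad:be:ef:00:01", "", frozenset({23}))


if __name__ == "__main__":
    for dev in (CAM, CAM2, PHONE, SRV, MYSTERY):
        print(f"{dev.mac} {dev.hostname or '<no name>':<16} -> {classify(dev):<8} {segment_for(dev)}")
    print("phone -> erp:443 ", is_flow_allowed(PHONE, SRV, 443))
    print("cam -> cam2:80   ", is_flow_allowed(CAM, CAM2, 80))
    print("unknown -> erp   ", is_flow_allowed(MYSTERY, SRV, 443))
```

In a real deployment the classification would come from the fabric's discovery engine and the allow list from the firewall policy, but the shape is the same: the inventory drives segment membership, and the policy is evaluated on segments rather than on individual addresses, so a new device is controlled the moment it is classified.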
As customers further their digital transformations, cybercriminals have been quick to shift their capabilities and strategies to take advantage of emerging gaps in device visibility and control. This past quarter we documented advanced attack capabilities and trends designed to capitalize on poor device security. Knowing this, customers must update their network architectures to adopt a learn, segment and protect approach to device security.
In doing so, customers gain the granular visibility into devices connecting to their networks that they need to ensure every element is covered by their security fabric strategy, including the ability to control those devices and to automate security processes across physical and cloud-based environments so they can see and respond to new threats.
To learn more, visit the "Best Practices to Grow Your Business Center" on the Partner Portal.
Sign up for our weekly FortiGuard Threat Brief to learn about breaking threat research.